CVE-2021-42308Authentication Bypass by Spoofing in Microsoft Edge

CWE-290Authentication Bypass by Spoofing4 documents4 sources
Severity
7.5HIGHNVD
CNA3.1
EPSS
1.7%
top 17.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Microsoft EdgeMicrosoft Edge Chromium
Timeline
PublishedNov 24
Latest updateMay 24

Description

Microsoft Edge (Chromium-based) Spoofing Vulnerability

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

NVDmicrosoft/edge_chromium< 96.0.1054.29
CVEListV5microsoft/microsoft_edge1.0.096.0 1954.29

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-8xpv-h7vw-hc6h: Microsoft Edge (Chromium-based) Spoofing Vulnerability2022-05-24
CVEList
Microsoft Edge (Chromium-based) Spoofing Vulnerability2021-11-24

📋Vendor Advisories

1
Microsoft
Microsoft Edge (Chromium-based) Spoofing Vulnerability2021-11-09
CVE-2021-42308 — Authentication Bypass by Spoofing | cvebase